For our organization we restrict access to the internet for most with a few acceptions. We use source IPs to control this, and only allow specific defined external websites outside of our Intranet. I need to allow a couple of users full access to the internet through the proxy server. Direct access is not an option as we both incomming and outgoing ports on the firewall locked with the acception of the VPN. Using ACL Type: Username/Password pair seems plausible, although I only want user authentication to promt the user when they need access to restricted sites. In other words I would like to apply this rule to the end of the ACL list and apply it just before the rule "http_access deny all". I understand that you must add the following to the squid.conf file. authenticate_program /usr/local/squid/bin/ncsa_auth /usr/local/squid/etc/passwd Will this cause every user to authenticate every time they use their web-browser to access the internet? Or will the rules defined in our ACL follow in order and only prompt for user/password when all the conditions in the ACL are not met? Regards, Jason
